How do you manage the licenses of the dependencies (libraries) of your project?
I would like to know if the Nexus repository manager includes a License manager like Artifactory (with this plugin : http://wiki.jfrog.org/confluence/display/RTF/License+Control).
If there is no way to do that in Nexus via a plugin, how do you manage the licenses of the dependencies of your project (with maven) ?
e.g. for a commercial project, I can't include a GPL library into the final artifact (.jar, .war, etc.).
Answer
The Artifactory functionality can be emulated using the Maven license validator plugin
http://code.google.com/p/maven-license-validator-plugin/
The practical problem with both these approaches that very few Maven Central modules have up-to-date license information in their POMs. So from what I can see this is a great idea which falls short of a real solution to the problem of assessing your build's license compliance...
My ideal solution is an external set of processes which scan the contents of the Nexus repository for available license information. This information is then used to seed the Nexus Professional's procurement suite to control the contents of an approved repository for use in release (non development builds).
Some binaries contain textual license files and alternatively the associated source code packages could be also be scanned for license and IP information. A number of 3rd party tools are available to perform this task. The ones I've been considering are:
In conclusion, until Maven Central can provide reliable meta data on module licensing, I think solutions to this problem will remain highly customised and sub-optimal